Follow-up: Add config options to disable name, email, subject modification

Why:
* Comments were left on the patch merged as
  6012864345 indicating issues with
  the implementation of the patch.
* This follow-up change addresses these concerns, including giving
  a more detailed error description for missing a confirmed email
  address and disallowing invalid configuration.

What:
* Add contactpage-musthaveemail-error-title and contactpage-
  musthaveemail-error which are used instead of noemail and
  noemailtitle for when a confirmed email address is not attached
  to an account.
* Make the following configurations disallowed and cause the
  contact page to not display:
** 'EmailReadonly' set to true, 'MustBeLoggedIn' set to false,
   and 'RequireDetails' set to true
** 'MustHaveEmail' set to true and 'MustBeLoggedIn' set to false.
* Update the README for changes made, including fixing the listed
  example configuration.

Bug: T324175
Change-Id: I2074c800987c91d53f589ffcc717557e46684092
Dreamy Jazz 2024-02-01 23:30:22 +00:00 Committer: Dreamy Jazz
Parent d0b2fc651b
Commit e0dc4dfdc5
4 files changed, with 54 insertions and 6 deletions

README

@ -38,7 +38,11 @@ $wgContactConfig.
'SenderName' => 'User Email',
'RequireDetails' => true,
'IncludeIP' => true,
"MustBeLoggedIn": true,
'MustBeLoggedIn' => true,
'NameReadonly' => true,
'EmailReadonly' => true,
'SubjectReadonly' => true,
'MustHaveEmail' => true,
'AdditionalFields' => [],
'RLModules' => [],
'RLStyleModules' => [],
@ -47,6 +51,12 @@ $wgContactConfig.
All contact form keys (in this case 'formname') should be in
lowercase.
The following situations will cause the contact form to be inaccessible:
* Setting EmailReadonly to true if MustBeLoggedIn is false and RequireDetails
is false.
* Setting MustHaveEmail to true if MustBeLoggedIn is false.
* RecipentUser being undefined.
RecipentUser must be the username of a registered wiki user, who has
supplied an email address, has user-to-user email enabled, and has
confirmed his/her email address if that is required on this wiki
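Review bot: the first bullet of the new "inaccessible" list says the form is blocked when EmailReadonly is true, MustBeLoggedIn is false "and RequireDetails is false", but the check added to SpecialContact in this same change is `!$requiresLogin && $emailReadonly && $config['RequireDetails']`, and the commit message also says 'RequireDetails' set to true. The README should read "RequireDetails is true", otherwise an administrator following it will expect the opposite combination to be rejected.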
@ -66,6 +76,17 @@ offering to put the IP address of the submitter in the subject line.
MustBeLoggedIn is whether the contact form is only accessible when
users are logged in.
NameReadonly is used to make the name field readonly.
EmailReadonly is used to make the email field readonly.
SubjectReadonly is used to make the subject field readonly.
MustHaveEmail is used to require that the user loading the form has
a confirmed email address attached to their account. If the user does
not have a confirmed email address, an error will be displayed and the
form will not be shown.
AdditionalFields is used to add any additional fields to the contact form.
These are done using https://www.mediawiki.org/wiki/HTMLForm notation.
The default message text box is not included by default, and if required,
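Review bot: the new NameReadonly, EmailReadonly and SubjectReadonly lines only say the field becomes readonly and do not say what value the locked field holds. The code comment added in SpecialContact notes that the email field is empty for anon and temp users, so the README should state where the fixed value comes from and that EmailReadonly and MustHaveEmail are only meaningful together with MustBeLoggedIn, pointing back to the list of invalid combinations above.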


@ -21,5 +21,7 @@
"contactpage-captcha-error": "CAPTCHA error",
"contactpage-config-error-title": "Contact form error",
"contactpage-config-error": "A contact form is either not configured for this page or is configured incorrectly.",
"contactpage-mustbeloggedin": "Please log in to submit a contact form."
"contactpage-mustbeloggedin": "Please log in to submit a contact form.",
"contactpage-musthaveemail-error-title": "Missing confirmed email address",
"contactpage-musthaveemail-error": "Please set a confirmed email address in your [[Special:Preferences|preferences]] to submit a contact form."
}


@ -27,5 +27,7 @@
"contactpage-captcha-error": "Error message displayed when there was a CAPTCHA error (i.e. the user failed to enter the correct CAPTCHA, or didn't enter one at all, etc.)",
"contactpage-config-error-title": "Page title of Special:Contact when the requested form is configured incorrectly.",
"contactpage-config-error": "Used as the content of Special:Contact when the requested form is configured incorrectly.",
"contactpage-mustbeloggedin": "Showed on Special:Userlogin when user tries to use a Contact Page that requires them to be logged in."
"contactpage-mustbeloggedin": "Showed on Special:Userlogin when user tries to use a Contact Page that requires them to be logged in.",
"contactpage-musthaveemail-error-title": "Used as the page title for Special:Contact when a user without a confirmed email address tries to load a form that requires the user have a confirmed email address.",
"contactpage-musthaveemail-error": "Showed on Special:Contact when a user tries to use a contact form that requires the user have confirmed email address."
}
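Review bot: the documentation string for "contactpage-musthaveemail-error" reads "requires the user have confirmed email address", which is missing an article, and both it and the line above use "Showed on" where "Shown on" is meant. Suggest "Shown on Special:Contact when a user tries to use a contact form that requires the user to have a confirmed email address", and the same "requires the user to have" wording in the title entry so translators see consistent descriptions.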


@ -121,13 +121,24 @@ class SpecialContact extends UnlistedSpecialPage {
$user = $this->getUser();
// Display error if user not logged in when config requires it
if ( isset( $config['MustBeLoggedIn'] ) && $config['MustBeLoggedIn'] ) {
$requiresConfirmedEmail = $config['MustHaveEmail'] ?? false;
$requiresLogin = $config['MustBeLoggedIn'] ?? false;
if ( $requiresLogin ) {
$this->requireNamedUser( 'contactpage-mustbeloggedin' );
} elseif ( $requiresConfirmedEmail ) {
// MustHaveEmail must not be set without setting MustBeLoggedIn, as
// anon and temporary users do not have email addresses.
$this->getOutput()->showErrorPage( 'contactpage-config-error-title',
'contactpage-config-error' );
return;
}
// Display error if sender has no confirmed email when config requires it
if ( isset( $config['MustHaveEmail'] ) && $config['MustHaveEmail'] && !$user->isEmailConfirmed() ) {
$this->getOutput()->showErrorPage( 'noemailtitle', 'noemail', [ $user ] );
if ( $requiresConfirmedEmail && !$user->isEmailConfirmed() ) {
$this->getOutput()->showErrorPage(
'contactpage-musthaveemail-error-title',
'contactpage-musthaveemail-error'
);
return;
}
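Review bot: the `} elseif ( $requiresConfirmedEmail ) {` branch rejects MustHaveEmail without MustBeLoggedIn by showing the generic contactpage-config-error page, which tells neither the visitor nor the wiki administrator which keys conflict. Since this is an operator mistake rather than a user one, consider logging a warning that names MustHaveEmail and MustBeLoggedIn before the `return;`. It would also read more clearly if the configuration check were separated from the login gate, so that `requireNamedUser()` is not the only thing standing between an invalid configuration and the rest of the method.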
@ -188,6 +199,18 @@ class SpecialContact extends UnlistedSpecialPage {
$emailReadonly = $config['EmailReadonly'] ?? false;
}
// Show error if the following are true as they are in combination invalid configuration:
// * The form doesn't require logging in
// * The form requires details
// * The email form is read only.
// This is because the email field will be empty for anon and temp users and must be filled
// for the form to be valid, but cannot be modified by the client.
if ( !$requiresLogin && $emailReadonly && $config['RequireDetails'] ) {
$this->getOutput()->showErrorPage( 'contactpage-config-error-title',
'contactpage-config-error' );
return;
}
$additional = $config['AdditionalFields'] ?? [];
$formItems = [
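Review bot: in `if ( !$requiresLogin && $emailReadonly && $config['RequireDetails'] ) {` the RequireDetails key is read directly, while every other key touched by this change uses `?? false` (for example `$config['EmailReadonly'] ?? false`). Unless the key is guaranteed to exist at this point, a form definition that omits it will raise an undefined array key warning, so `$config['RequireDetails'] ?? false` would be safer. The comment above it says "The email form is read only" where "email field" is meant. This is also the second place invalid configuration is detected (the first is the MustHaveEmail branch earlier in the method), so moving both checks into one validation step near the top would keep the rules in one place and in step with the README list.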